Back to search
CVE-2011-4114
Published: Jan 13, 2012
Modified: Aug 7, 2024
PUBLISHED
Description
The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
FEDORA-2011-16859
vendor-advisory
x_refsource_FEDORA
https://bugzilla.redhat.com/show_bug.cgi?id=753955
x_refsource_CONFIRM
FEDORA-2011-16856
vendor-advisory
x_refsource_FEDORA
[oss-security] 20111104 CVE request: unsafe use of /tmp in multiple CPAN modules
mailing-list
x_refsource_MLIST
https://rt.cpan.org/Public/Bug/Display.html?id=69560
x_refsource_CONFIRM
[oss-security] 20111104 Re: CVE request: unsafe use of /tmp in multiple CPAN modules
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now